Security Bytes: Phishing worm spreads through MySpace

Phishing worm spreads through MySpace

Here's a concern for enterprises whose employees may be using MySpace on company time:

Phishers are targeting the MySpace community with a worm that exploits the JavaScript support within Apple's embedded QuickTime player as well as a MySpace vulnerability, San Diego, Calif.-based Websense Inc. said in an advisory. Attackers are using the flaws to replace legitimate links on the user's MySpace profile with links to a phishing site.

"Once a user's MySpace profile is infected [by viewing a malicious embedded QuickTime video], that profile is modified in two ways," Websense said. "The links in the user's page are replaced with links to a phishing site, and a copy of the malicious QuickTime video is embedded into the user's site. Any other users who visit this newly-infected profile may have their own profile infected as well."

An infected profile can be identified by the presence of an empty QuickTime video or modified links in the MySpace header section, Websense said.

Security researchers warn of new Windows flaw

Attackers could cause a denial of service by exploiting a new flaw in Microsoft Windows, security researchers warned in advisories over the weekend.

According to Danish vulnerability clearinghouse Secunia, the flaw is caused by an error in the handling of "RpcGetPrinterData()" RPC requests within Windows' Print Spooler service (spoolsv.exe). "This can be exploited to consume almost all available memory via a specially crafted packet, which may result in a system crash," Secunia said.

EveryDNS is hit by massive botnet attack

Botnet masters launched a fierce distributed denial-of-service (DDoS) attack over the weekend against Web sites using the free domain name management services of EveryDNS and sister company OpenDNS, which runs the PhishTank anti-phishing initiative. The attack ultimately affected thousands of sites, according to a report in eWeek. While the home page and blog for OpenDNS were knocked down for more than an hour Dec. 1, the company's core DNS resolution service seems to have escaped damage.

Attacks are continuing, but the company has managed to contain them through high-level traffic filtering and modifications at the DNS level, eWeek reported.
